Merge pull request #788 from juanfont/warn-websockets-requirement
Warn when Headscale is running behind an improperly configured proxy
commit
af60ffb7fa
3 changed files with 21 additions and 4 deletions
|
@ -6,6 +6,7 @@
|
||||||
- Add ability to specify config location via env var `HEADSCALE_CONFIG` [#674](https://github.com/juanfont/headscale/issues/674)
|
- Add ability to specify config location via env var `HEADSCALE_CONFIG` [#674](https://github.com/juanfont/headscale/issues/674)
|
||||||
- Target Go 1.19 for Headscale [#778](https://github.com/juanfont/headscale/pull/778)
|
- Target Go 1.19 for Headscale [#778](https://github.com/juanfont/headscale/pull/778)
|
||||||
- Target Tailscale v1.30.0 to build Headscale [#780](https://github.com/juanfont/headscale/pull/780)
|
- Target Tailscale v1.30.0 to build Headscale [#780](https://github.com/juanfont/headscale/pull/780)
|
||||||
|
- Give a warning when running Headscale with reverse proxy improperly configured for WebSockets [#788](https://github.com/juanfont/headscale/pull/788)
|
||||||
|
|
||||||
## 0.16.4 (2022-08-21)
|
## 0.16.4 (2022-08-21)
|
||||||
|
|
||||||
|
|
|
@ -99,10 +99,13 @@ func (h *Headscale) DERPHandler(
|
||||||
req *http.Request,
|
req *http.Request,
|
||||||
) {
|
) {
|
||||||
log.Trace().Caller().Msgf("/derp request from %v", req.RemoteAddr)
|
log.Trace().Caller().Msgf("/derp request from %v", req.RemoteAddr)
|
||||||
up := strings.ToLower(req.Header.Get("Upgrade"))
|
upgrade := strings.ToLower(req.Header.Get("Upgrade"))
|
||||||
if up != "websocket" && up != "derp" {
|
|
||||||
if up != "" {
|
if upgrade != "websocket" && upgrade != "derp" {
|
||||||
log.Warn().Caller().Msgf("Weird websockets connection upgrade: %q", up)
|
if upgrade != "" {
|
||||||
|
log.Warn().
|
||||||
|
Caller().
|
||||||
|
Msg("No Upgrade header in DERP server request. If headscale is behind a reverse proxy, make sure it is configured to pass WebSockets through.")
|
||||||
}
|
}
|
||||||
writer.Header().Set("Content-Type", "text/plain")
|
writer.Header().Set("Content-Type", "text/plain")
|
||||||
writer.WriteHeader(http.StatusUpgradeRequired)
|
writer.WriteHeader(http.StatusUpgradeRequired)
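Review bot: The new warning in the DERPHandler hunk is guarded by `if upgrade != "" {`, so "No Upgrade header in DERP server request" is logged only when an Upgrade header is present with an unexpected value. Nothing is logged when the header is actually missing, which is the misconfigured-proxy case this change is meant to surface. The guard looks inverted; `if upgrade == "" {` would match the message. The line it replaces reported the unexpected value with `%q`; keeping that in an `else` branch, e.g. `log.Warn().Caller().Msgf("Unexpected Upgrade header in DERP server request: %q", upgrade)`, would preserve the diagnostic with the client-controlled string safely quoted. DERPHandler's body starts and ends outside the hunk.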
|
||||||
|
|
13
noise.go
13
noise.go
|
@ -23,6 +23,19 @@ func (h *Headscale) NoiseUpgradeHandler(
|
||||||
) {
|
) {
|
||||||
log.Trace().Caller().Msgf("Noise upgrade handler for client %s", req.RemoteAddr)
|
log.Trace().Caller().Msgf("Noise upgrade handler for client %s", req.RemoteAddr)
|
||||||
|
|
||||||
|
upgrade := req.Header.Get("Upgrade")
|
||||||
|
if upgrade == "" {
|
||||||
|
// This probably means that the user is running Headscale behind an
|
||||||
|
// improperly configured reverse proxy. TS2021 requires WebSockets to
|
||||||
|
// be passed to Headscale. Let's give them a hint.
|
||||||
|
log.Warn().
|
||||||
|
Caller().
|
||||||
|
Msg("No Upgrade header in TS2021 request. If headscale is behind a reverse proxy, make sure it is configured to pass WebSockets through.")
|
||||||
|
http.Error(writer, "Internal error", http.StatusInternalServerError)
|
||||||
|
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
noiseConn, err := controlhttp.AcceptHTTP(req.Context(), writer, req, *h.noisePrivateKey)
|
noiseConn, err := controlhttp.AcceptHTTP(req.Context(), writer, req, *h.noisePrivateKey)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
log.Error().Err(err).Msg("noise upgrade failed")
|
log.Error().Err(err).Msg("noise upgrade failed")
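Review bot: The missing-header branch in NoiseUpgradeHandler replies with `http.StatusInternalServerError`, although the condition comes from the request or a proxy in front of it, not from a server fault. The DERP handler in this same commit answers the equivalent case with `http.StatusUpgradeRequired`. Any unauthenticated request without an Upgrade header now yields a 5xx plus a Warn line, which can skew error-rate alerting; `http.Error(writer, "Upgrade required", http.StatusUpgradeRequired)` would be consistent and more accurate. The warning also omits the peer, so adding `.Str("remote", req.RemoteAddr)` before `.Msg(...)` would let an operator identify which proxy or client sent the request. The handler's body starts and ends outside the hunk.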
|
||||||
|
|